Sophos Endpoint Security and Control 10.3.7 release notes

April 2014

Version numbers

Sophos Anti-Virus (SAV) 10.3.7 (Recommended)
Threat detection engine 3.51.1
Sophos Client Firewall (SCF) 3.0.3 (Windows 8)

2.9.4 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 3.1.1.18
Patch 3.0.7
Note:
  • Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.
  • Automatic deployment of Endpoint Security and Control to Windows 8 and Windows Server 2012 from Enterprise Console requires Enterprise Console 5.1 or later.

    Automatic deployment of Endpoint Security and Control to Windows 8.1 and Windows Server 2012 R2 from Enterprise Console requires Enterprise Console 5.2.1 R2 or later.

    If you are using Enterprise Console 5.0 or earlier, you can install the software by running the installer from a bootstrap location that contains a software subscription for version 10.3. For more information on manual installation, see http://www.sophos.com/en-us/support/knowledgebase/12386.aspx.

What's new

This section lists new features and updates included in this and the preceding three releases of Sophos Endpoint Security and Control 10.3 Recommended.

To view the list of fixed issues, go to Fixed and known issues.

New in this release

Sophos Anti-Virus

  • The threat detection engine has been updated.
  • The Sophos Anti-Virus drivers have been rebuilt with an updated compiler.
  • Device Control can now block access to smart phones or other devices that use the MTP/PTP protocols. This option can only be set centrally at the management console.

Sophos AutoUpdate

  • The back-end updating system has been upgraded.
  • The threat data is now distributed as a supplement, which is updated independently from Endpoint Security and Control and allows for more frequent updates.

Sophos Client Firewall

A number of security enhancements have been implemented in Sophos Client Firewall.

Sophos Patch

Windows 8 support.

Sophos Web Control

Windows 8 support.

New in 10.3.1, February 2014

Sophos Anti-Virus

The threat data has been updated.

New in 10.3.1, January 2014

Sophos Anti-Virus

The threat detection engine and threat data have been updated.

New in 10.3.1, December 2013

Sophos Anti-Virus

The threat data has been updated.

Fixed and known issues

This section lists issues fixed in this and the preceding three releases of Sophos Endpoint Security and Control 10.3 Recommended and known issues in this release.

Go to known issues

Fixed issues

Device Control

Issue ID Description Found in Fixed in
DEF93728 Add IronKey Enterprise D250 4GB to the list of secure removable storage devices. 10.3.7, April 2014
DEF93180 Add Kingston DataTraveler Locker+ G2 8GB to the list of secure removable storage devices. 10.3.7, April 2014
DEF91534 If device control is enabled on a computer running VMware Tools and access to floppy disk drives is set to read-only, this message is repeatedly displayed on the desktop: "Access to device blocked by Sophos. Write access to controlled device type 'Floppy disk drives' blocked by the administrator". The message is also added to the log. This happens because the VMware Tools service attempts to access the floppy drive every few seconds (and will continue to do so even if the floppy drive is no longer connected). 10.3.1 10.3.7, April 2014
DEF73772 Device Control displays the message "Device Control failed when checking volume access: device name=\device\volume, errorCode-0x8000ffff". This is because an error has occurred in the process that checks whether a device is read-only. 9.7.4 10.3.7, April 2014
DEF87140 Realtek RTL8187B Wi-Fi chipset is not detected as a Wi-Fi device by Device Control. 10.3.7, April 2014

Sophos Anti-Virus

Issue ID Description Found in Fixed in
SUG94215 Policies lost on downgrade from version 10.3.3 (Preview) to version 10.3.1 (Recommended). 10.3.3 10.3.7, April 2014
DEF93356 Vulnerability in Microsoft Detours software used in Sophos Anti-Virus. 10.3.1, February 2014

Sophos AutoUpdate

Issue ID Description Found in Fixed in
DEF94488 The version of Sophos AutoUpdate is incorrectly reported in the Sophos Endpoint Security and Control user interface for non-administrator users. 10.3.7, April 2014
DEF94174 Enhance security permissions on the AutoUpdate program folder. 10.3.7, April 2014
DEF85587 Sophos AutoUpdate uninstallation or reinstallation fails if certain components are missing. 10.3.7, April 2014

Sophos Client Firewall

Issue ID Description Found in Fixed in
WKI94527 Microsoft update KB2887595 for Windows 8.1 causes a conflict with Sophos Client Firewall. SCF 3.0.0 10.3.7, April 2014

Sophos Web Control

Issue ID Description Found in Fixed in
DEF79725 Sophos Web Control doesn't work when a user uses Internet Explorer in the new Windows 8 UI. 10.2.0 10.3.7, April 2014

Known issues

Competitor Removal Tool

Issue ID Description Found in
DEF87203 The Sophos Competitor Removal Tool does not restore the registry keys for VBScript, WScript and Java when removing McAfee Security as a Service 5.4. Workaround: Remove the software using Add/Remove Programs in Control Panel before installing Sophos Endpoint Security and Control. iCRT 2.10.1
DEF84842 The Sophos Competitor Removal Tool fails to remove Norton Internet Security 2010 (version 17.x). Workaround: Remove the software using Add/Remove Programs in Control Panel before installing Sophos Endpoint Security and Control. 10.2.0

Data Control

Issue ID Description Found in
DEF79180 Files that breach a data control rule can still be transferred to a Windows 8 storage pool. 10.2.0

Installation

Issue ID Description Found in
DEF84838 It is not possible to protect Windows 8 or Windows Server 2012 computers that are in a workgroup from Sophos Enterprise Console 5.1 or later running on Windows Server 2008 or later.

For more information and instructions on how to enable deployment, see http://www.sophos.com/en-us/support/knowledgebase/118354.aspx.

10.2.0

Sophos Anti-Virus

Issue ID Description Found in
DEF85118 If you use the Internet Explorer 10 Windows 8 Modern UI application to access a malicious HTTPS website, Sophos Anti-Virus displays a balloon notification instead of a toast. This means that you do not see the notification until you view the desktop. 10.2.0
DEF84420 If you use a browser's Windows 8 Modern UI application to access a malicious website, and you click the toast that Sophos Anti-Virus displays, the browser is minimized and the desktop is displayed instead. To switch back to the browser, press Alt+Tab. 10.2.0
DEF83463 Although Sophos Anti-Virus can now scan files that are locked during an on-demand scan, it cannot perform cleanup successfully. 10.2.0
DEF79726 If you use the Internet Explorer 10 Windows 8 Modern UI application, Sophos web protection does not stop you from accessing malicious websites. 10.2.0
DEF79482 iSCSI mount points cannot be excluded from on-access scanning. 9.7.7
- Sophos web protection and web control use a Layered Service Provider (LSP) to intercept network traffic. If web protection or web control is turned on while an incompatible third-party LSP is running, system instability can occur. Therefore, if a third-party LSP that is known to be incompatible is already installed on the computer, the Sophos LSP is not installed. For more information, see http://www.sophos.com/en-us/support/knowledgebase/116241.aspx. 10.0

Sophos AutoUpdate

Issue ID Description Found in
WKI64768 AutoUpdate does not support updating through proxies that use WDigest authentication. However, AutoUpdate does support normal digest authentication. For more information, see http://www.sophos.com/en-us/support/knowledgebase/112633.aspx. SAU 2.5.8

Additional information

  • Product lifecycle policy changes

    From June 2013 Sophos changed the product lifecycle policy for Endpoint products. For existing customers, an additional "Preview" product tag has been added in Windows 2000 and above subscriptions. For more information, go to http://www.sophos.com/en-us/support/knowledgebase/112580.aspx.

    New customers who install Sophos Enterprise Console version 5.2.1 for the first time will see a new set of subscription packages. For more information about the packages and product versions, see http://www.sophos.com/en-us/support/knowledgebase/119216.aspx.

  • Support for Windows 8 and Windows Server 2012
    • On Windows 8, Endpoint Security and Control uses toast notifications instead of balloon notifications to display messages on screen.
    • On Windows 8, if you specify a user-defined message to be displayed in desktop messages, it is not displayed in toasts. For more information, see http://www.sophos.com/en-us/support/knowledgebase/118233.aspx.
    • On Windows 8, if Sophos Anti-Virus cleans up a threat that affects a Windows Store app, it marks the app as tampered with. This causes Windows to offer the user the ability to re-download and re-install the app.
    • Rootkit scanning is not supported on REFS file systems on Windows Server 2012. If the user attempts a rootkit scan on this file system, a message will be logged in the SAV log telling them that rootkit scanning is not supported.
  • Sophos Client Firewall
    • A number of features have been removed from Sophos Client Firewall 3.0 for Windows 8:

      Interactive mode
      Hidden process detection
      Modified memory detection
      Rawsocket applications (rawsockets are treated the same as other connections)
      Non-stateful rules
      The option Concurrent connections for TCP rules
      The option Where the local port is equal to the remote port

    • Sophos Client Firewall does not support the "mobile broadband" driver model in Windows 7.
    • When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.
    • When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.
  • Application Control

    When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.

  • Device Control

    Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

  • Unsupported scenarios
    • Endpoint Security and Control standalone installations do not support Windows Server Core.
    • Endpoint Security and Control managed and standalone installations do not support Windows Server Core Hyper-V.
    • On Windows 2000 systems running Internet Explorer 5 or 6, Web protection allows access to blocked sites via Windows Explorer.
  • Shared Windows components

    When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

    Sophos software Shared Windows component
    Name Filenames Versions Date of inclusion with Sophos software
    Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    ATL Library atl90.dll 9.0.30729.4148 June 2013
    Microsoft Visual C/C++ Runtime Libraries msvcm90.dll 9.0.30729.4148 June 2013
    msvcp90.dll 9.0.30729.4148 June 2013
    msvcr90.dll 9.0.30729.4148 June 2013
    Sophos AutoUpdate Windows Installer msi.dll 2.0.2600.2 November 2003
    msiexec.exe 2.0.2600.2 November 2003
    msihnd.dll 2.0.2600.2 November 2003
    msimain.sdb N/a November 2003
    msimsg.dll 2.0.2600.2 November 2003
    msisip.dll 2.0.2600.2 November 2003
    msls31.dll 3.10.337.0 November 2003
    mspatcha.dll 5.1.2600.0 November 2003
    riched20.dll 5.30.23.1200 November 2003
    sdbapiU.dll 1.0.0.1 November 2003
    shfolder.dll 5.0.2919.20 November 2003
    usp10.dll 1.325.2180.1 November 2003
    Sophos Client Firewall 3.0 for Windows 8 Microsoft XML Core Services msxml4.dll 4.30.2100.0 June 2013
    msxml4r.dll 4.30.2100.0 June 2013
    Microsoft Visual C/C++ Runtime Libraries msvcm90.dll 9.0.30729.6161 June 2013
    msvcp90.dll 9.0.30729.6161 June 2013
    msvcr90.dll 9.0.30729.6161 June 2013
    Sophos Client Firewall 2.9 for Windows 7 and earlier Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 March 2010
    msvcp80.dll 8.0.50727.4053 March 2010
    msvcr80.dll 8.0.50727.4053 March 2010

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2011–2014 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.